### -*-tcl-*-
-set C(ca-owner) "mdw"
-set C(ca-group) "mdw"
-set C(ca-user) "mdw"
+set C(ca-owner) "root"
+set C(ca-group) "ca"
+
+set C(ca-name) {
+ countryName "GB"
+ stateOrProvinceName "Cambridgeshire"
+ localityName "Cambridge"
+ organizationName "distorted.org.uk"
+ commonName "distorted.org.uk Certificate Authority"
+ emailAddress "ca@distorted.org.uk"
+}
set P(tls-client) {
extensions tls-client-extensions
- issue-time "*-*-* 03:00:00"
+ issue-time "*-*-* 00:00:00"
start-skew 1
- expire-interval 28
+ expire-interval 32
}
set P(tls-server) {
extensions tls-server-extensions
- issue-time "*-*-* 03:00:00"
+ issue-time "*-*-* 00:00:00"
+ start-skew 1
+ expire-interval 32
+}
+
+set P(tls-server-longterm) {
+ extensions tls-server-extensions
+ issue-time "*-*-* 00:00:00"
start-skew 1
- expire-interval 28
+ expire-interval 43838
}
proc update-hook {} {
- exec rsync -av --delete-after crl ca.cert cert req test/publish 2>@stderr
+ exec 2>@stderr rsync -av --delete-after ca.cert crl cert req publish/
+ exec 2>@stderr userv root publish-ca
}